Ingress Service URL configuration

Current status (Kohn)

Global settings:

global settings

global:
...
  # Global ingress configuration
  ingress:
    # generally enable ingress for ONAP components
    enabled: false
    # enable all component's Ingress interfaces
    enable_all: false
    # default Ingress base URL
    # can be overwritten in component by setting ingress.baseurlOverride
    virtualhost:
      baseurl: "simpledemo.onap.org"
    # All http requests via ingress will be redirected on Ingress controller
    # only valid for Istio Gateway (ServiceMesh enabled)
    config:
      ssl: "redirect"
    # you can set an own Secret containing a certificate
    # only valid for Istio Gateway (ServiceMesh enabled)
    #  tls:
    #    secret: 'my-ingress-cert'

    # optional: Namespace of the Istio IngressGateway
    # only valid for Istio Gateway (ServiceMesh enabled)
    namespace: istio-ingress

  # Global Service Mesh configuration
  # POC Mode, don't use it in production
  serviceMesh:
    enabled: false
    tls: true
    # be aware that linkerd is not well tested
    engine: "istio" # valid value: istio or linkerd

Component settings (e.g. in SDNC/DGBUILDER):

component settings

dgbuilder:
  ingress:
    enabled: false
    service:
      - baseaddr: "sdnc-dgbuilder-ui"
        name: "sdnc-dgbuilder"
        port: 3000
      - baseaddr: "sdnc-web-service-api"
        name: "sdnc-web-service"
        port: 8443
        plain_port: 8080
    config:
      ssl: "redirect"

Enhancements in London

Additional parameters to modify the BaseAddess value of the composed Ingress URL

Problem:

If ONAP is installed on multiple clusters (e.g. clusterA, clusterB)
and a wildcard-certificate for the baseurl domain exists (e.g. *.simpledemo.onap.org)
you cannot create cluster specific Ingress URLs for the ONAP services (e.g. sdnc-dgbuilder-ui.simpledemo.onap.org)

Solution:

Add a cluster specific post/prefix to the baseAddr of the service to create uniqe URLs instead changing each service baseAddr
Results using "postfix" e.g.
- sdnc-dgbuilder-ui-clusterA.simpledemo.onap.org
- sdnc-dgbuilder-ui-clusterB.simpledemo.onap.org

Ingress URL is currently composed:

^{Default: <component.ingress.service.baseaddr>.<global.ingress.virtualhost.baseurl>}
^{Override: <component.ingress.service.baseaddr>.<component.ingress.baseurlOverride>}

Ingress URLs result of the upper setup:

sdnc-web-service-api.simpledemo.onap.org, sdnc-dgbuilder-ui.simpledemo.onap.org

Planned enhancement:

Additional options in "global" section
Enhancement for the Ingress template

Enhancement for URL

    # default Ingress base URL and preAddr- and postAddr settings
    # Ingress URLs result:
    # <preAddr><component.ingress.service.baseaddr><postAddr>.<baseurl>
    virtualhost:
      # Default Ingress base URL
      # can be overwritten in component by setting ingress.baseurlOverride
      baseurl: "simpledemo.onap.org"
      # prefix for baseaddr 
      # can be overwritten in component by setting ingress.preAddrOverride
      preAddr: ""
       # postfix for baseaddr 
      # can be overwritten in component by setting ingress.preAddrOverride
      postAddr: ""

Allow customized Ingress Gateway Ports

Problem:

Ingress Gateways usually expose HTTP ports (80, 443), can be extended in non-NGINX gateways (e.g. Istio, Traefik)
The existing Ingress template only supports the 80/443 ports
If non-HTTP ports need to be exposed (e.g. Kafka Bootstrap, SDNC CallHome/TLS), this is not possible
see: External Kafka Access via Ingress

Solution:

In the component's ingress configuration the exposed port needs to be configurable
the Ingress template needs to generate the respective Gateway/VC resources

Planned enhancement for components ingress definition:

Add new optional configuration parameters:

exposedPort (custiomized Ingress-Gateway ports)
exposedProtocol (Protocol used on the exposed port)